Unable to access external website from desktops but can ping and access from server and from externals

What type/version of OS is on the desktops?

Can you temporarily turn off the firewall on the desktops (if currently on) and test again?

Thank you so much for responding

Windows 7 is on the desktops and I have turned off firewalls no dice ... There is a sonic firewall on the network but since the server is able to receive pings .. I am not sure if it is a factor

Accessing the server is different than pinging it.

What do you mean exactly by "external website"?  Is it a web server somewhere on the Internet and what is the address or IP?  What kind of web server - IIS, Apache, other?

its the companies web page .
The point is im able to browse the page externally and also internally from the sbs server only .
The desktops are unable to do so though . Nslookup shows the same non authorative (both on desktop and sbs server and externals) i know the DNS is resolving to the correct ip address . Then i tried to ping the address .. from the sbs server where it can be browsed ..ping works so icmp is being passed through the firewall at least to the server .I tried tracert and it was sucessful .

From the desktop ..internal when it fails .. i cannot ping and tracert gets to the last hop then times out and so i believe there is the beginning of the problem
i just dont know how to troubleshoot from there .
 .

Is there any access restrictions on the web server that denies "certain" IP address range?

Is the SBS server on a static IP address?

What's the exact error message on the desktop PCs?

Also can you try other browser like Firefox n Chrome on the desktop?

Just to be clear, this website is hosted on an external server, not your SBS server, correct?

Its hosted internally

Sorry hosted by network solutions

So where we are is that none of the computers on the LAN except for the server can reach the website which is hosted externally .
the dns settings all resolve to the same ip address . Only the server can successfully ping that address.
All other machines time out at the final hop .( using tracert)

Page not found --Using Chrome ..
The SBS server is a static address

Are the desktops using the same DNS address configuration as the SBS server?

Is it possible to provide the ip config /all of the desktops and the SBS server?

Sounds like you have the bindings set for external access only..
I assume this is IIS.. can you tell me what version?

Is the binding set to an external only address?
Or is the Binding set to an internal address?
What does the DNS look like?

If your website is hosted externally, then IIS bindings shouldn't matter on your end.  Do you have a DNS entry on your server corresponding to the website in question?  Are you forwarding the website from IIS back out to the external website instead of allowing direct access?  Are you using a firewall/gateway/router device and are they any restrictions as to outgoing traffic on that device for computers behind it?

Asif ,
I initally put a host entry in the forwarding zone
corresponding named www
and companyname.com
and the external ip address
ran ipconfig /flushdns
This did nothing.
then i changed the address to the server internal address.
I just got the IIs screen.
I deleted that .
There is a sonicwall device .
I do not know what to look for on there though
If you could let me know what entry I should be looking for that would help .
Thank you for your help .

Here is how the tracert looks .
and here is the ipconfig /all for desktop and server
Unable-to-access-www.company.com-from-wi

Since your website is hosted by an external company, and it's accessible from the internet by other computers, it means they are taking care of the DNS records.  Therefore, you should *not* have any entries whatsoever on your DNS relating to your external website.  Just let DNS resolution happen as it does for all other external websites.  If you have an entry in your DNS server, that is likely the problem.

Regarding your SonicWALL, I doubt there is any problem there.  But, to be sure, check your Firewall > Access Rules and makes sure you don't have outgoing access to your website IP (specifically) blocked from any internal IP source addresses.

Let me know if either of these steps help.

No entry in sonic wall ,
No entry in SBS DNS.
Of note typing in the website address on the browser .Brings up an IIS7 default screen .
Question :
If the tracert fails after that many hops just before the destination , Could that indicate the problem lies with the hosting service ?
What makes my brain itch is that the server itself can access the site .
What am i missing here .
Are there any tools to trace this ?

Shot in the dark here:  Do you have any entries in the hosts file on the workstations that could be causing this?  Also, have you flushed the DNS cache on the workstations?  The fact that they are showing an IIS splash screen seems to suggest they are still trying to access the server.  Your local IIS and your corporate (external) website don't have the same DNS name, do they?

The server name is MLmain. Where would I double check if the IIS has the same name ?

Asif,
Flushed the DNS cache,
if the IIS had the same name would'nt NSlookup www.company.com resolve to the local server which would cause the problem ?
I am not sure where to look to verify that this isnt the case
Please Advise

Yes, you would think that the nslookup would just resolve to the server at that point, but then again, we're just trying to rule things out at this point since this problem is a little strange on its own.  

Please check your forward lookup zones in your DNS to see if there is any mention of www.company.com.  There shouldn't be, since you are correctly using a .local domain for your network.  If it's in there, maybe take a screenshot so we can look at the settings.

I had another thought also.  Are all of your machines behind the SonicWALL?  Or does your server have one external IP and your workstations are using a different NAT'ed IP?

Asif ..
Hmm.
Well thats a thought ,,
Remote.company.com is set up on the server .
Remote Web services is set to use remote,company.com
How do I check if the Sonic has an external set strictly for the server ?

remote.company.com is ok, that's pretty standard.  Instead of digging around SonicWALL, let's do something simpler.

1)   From your server, go to http://www.whatsmyip.org/ and note the IP address
2)   From one of your workstations, also go to http://www.whatsmyip.org/ and note the IP address

If (1) and (2) are the same, then we don't have separate IPs and you are NAT'ing the same address so that isn't a problem.  If you have different IPs then please post back and we'll discuss.

Do you mind me asking what your actual public website is?  I would like to take a look at it's DNS record and see if I can find any clues.  I assume since it's a public website, you wouldn't mind?  If you'd prefer, you could private message me on the site so it isn't posted here.

Assif,
They are different.
server is x.x.x.154
desktop is x.x.x.155
This is the first clue so far !!! Great !!!
What do I do next ?

Wow !
Thanks so much for your help !  Will look into that also and keep you posted .
So there is no chance that  x.x.x.155 is somehow affected by the sonicwall ?
( I am not a sonic wall expert)

No problem, hopefully we've got you on the path to resolving this issue!  

Regarding the second IP address, it is possible that your SonicWALL is the cause but since you didn't see any outgoing rules when you checked earlier, I really don't think so.

If you want to be totally sure, you can put one of your clients in a DMZ.  I'm going to assume you are using NAT mode.  If so, this is the procedure

1)   Log into your SonicWALL device
2)   Click Network > Interfaces
3)   Find an unassigned zone, click Configure
4)   Select DMZ from the Zone drop-down box.  Select Static from the IP Assignment drop-down
5)   Enter the IP address and subnet mask of one of your workstations
6)   Check an option next to Management to enable remote management of the DMZ
7)   Check HTTP/HTTPS next to user login
8)   Click OK

Your specified workstation should now be in a DMZ and have unrestricted internet access.  Verify this by going to http://www.whatsmyip.org/ from the workstation in the DMZ and noting it's IP.  Assuming it's still the x.x.x.155, then try accessing your public website.  At this point (since we are in a DMZ) the firewall is not blocking any traffic to that workstation and no rules are being applied.  So, if you can view the website, then your SonicWALL is indeed blocking the workstations.  If you cannot view the website still, then it has nothing to do with your SonicWALL.  If your address at  http://www.whatsmyip.org/ is not the x.x.x.155 address any more, then post back and let me know what it reports as your address.

Need to get permission to try this .
Will let you know .

Situation RESOLVED .!!!!
Special shout out to Assif .
Turns out the Ip address x.x.x.155 needed to be whitelisted at the hosting site .
Thank you so much for the help !
You guys were amazing !!
Never used this exchange before to help resolve an issue  .
Will be looking to pay it forward myself.
Thanks a million !

It's always the little things, glad you got it sorted out!  Now, go enjoy your weekend! :-)

I've requested that this question be closed as follows:

Accepted answer: 0 points for Andre P's comment #a40456612

for the following reason:

The help received here allowed me to narrow it down .
Because the tracert timed out within the area covered b the host company we were able to determine that the problem lay there .